1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method, apparatus, and computer program product for data storage protection using cryptography. Still more particularly, the present invention relates to a method, apparatus, and computer program product in a computing environment for providing a scalable physical hardware TPM that provides trust to a scalable number of logical partitions that require trust and that are currently supported by the environment.
2. Description of Related Art
Most data processing systems contain sensitive data and sensitive operations that need to be protected. For example, the integrity of configuration information needs to be protected from illegitimate modification, while other information, such as a password file, needs to be protected from illegitimate disclosure. As another example, a data processing system needs to be able to reliably identify itself to other data processing systems.
An operator of a given data processing system may employ many different types of security mechanisms to protect the data processing system. For example, the operating system on the data processing system may provide various software mechanisms to protect sensitive data, such as various authentication and authorization schemes, while certain hardware devices and software applications may rely upon hardware mechanisms to protect sensitive data, such as hardware security tokens and biometric sensor devices.
The integrity of a data processing system's data and its operations, however, centers around the issue of trust. A data processing system's data and operations can be verified or accepted by another entity if that entity has some manner for establishing trust with the data processing system with respect to particular data items or particular operations.
Hence, the ability to protect a data processing system is limited by the manner in which trust is created or rooted within the data processing system. To address the issues of protecting data processing systems, a consortium of companies has formed the Trusted Computing Group (TCG) to develop and to promulgate open standards and specifications for trusted computing. According to the specifications of the Trusted Computing Group, trust within a given data processing system or trust between a data processing system and another entity is based on the existence of a hardware component within the data processing system that has been termed the trusted platform module (TPM).
A trusted platform enables an entity to determine the state of the software environment in that platform and to seal data to a particular software environment in that platform. The entity deduces whether the state of the computing environment in that platform is acceptable before performing a transaction with that platform. To enable this, the trusted platform provides integrity metrics, also known as integrity measurements, to the entity that reflect the integrity of the software state of the trusted platform. The integrity measurements require a root of trust within the computing platform. In order for a system to be a trusted platform, the integrity measurements must be taken from the Core Root of Trust for Measurements and extended through the initial program load (IPL) process up to the point at which the operating system is initialized.
A trusted platform module has been generally described in a platform-independent manner, but platform-specific descriptions have been created for certain classes of systems, such as personal computers (PCs). Existing hardware for trusted computing has focused on implementations for a single hardware trusted platform module for a single system. This situation is sufficient for simple servers and PCs, which tend to be relatively low-performance computers that meet the needs of stand-alone computational environments or client-side processing environments.
High-performance servers, though, support partitionable, multithreaded environments that may need access to a trusted platform module on multiple threads simultaneously. This type of environment allocates, or partitions, physical resources to each of the supported multiple partitions. In addition, each partition can be thought of as a separate logical computer system that can execute its own operating system and applications. The operating system executed by one partition may be different from the operating systems being executed by the other partitions.
One hardware TPM is designed to provide support for a single, non-partitionable computer system. Thus, existing systems utilize a single hardware TPM to provide trust for the entire single system. These systems, however, were not partitionable environments. A problem then arises as to how to provide support for a partitionable environment which includes multiple partitions which each act as separate computer systems.
Another issue to consider in providing trust to a partitionable environment concerns the scalability of the partitionable environment. A partitionable environment may support any number of different partitions. For example, the environment may be booted to include four partitions and then later booted to support six partitions.
Therefore, it would be advantageous to have a mechanism in a partitionable environment which permits scaling of the environment by providing a scalable hardware TPM that provides trust to a scalable number of partitions that require trust and that are currently supported by the environment.